diff --git a/admin.php b/admin.php
index 97f9f87..9804b20 100644
--- a/admin.php
+++ b/admin.php
@@ -1,5 +1,5 @@
diff --git a/aes.php b/aes.php
index 90dfa39..3d2bdfa 100644
--- a/aes.php
+++ b/aes.php
@@ -1,6 +1,6 @@ 6 && $i%$Nk == 4) { - $temp = SubWord($temp); +function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2] +{ + global $Rcon; // PHP needs explicit declaration to access global variables! + $Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES) + $Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys + $Nr = $Nk + 6; // no of rounds: 10/12/14 for 128/192/256-bit keys + + $w = array(); + $temp = array(); + + for ($i = 0; $i < $Nk; $i++) { + $r = array( + $key[4 * $i], + $key[4 * $i + 1], + $key[4 * $i + 2], + $key[4 * $i + 3] + ); + $w[$i] = $r; } - for ($t=0; $t<4; $t++) $w[$i][$t] = $w[$i-$Nk][$t] ^ $temp[$t]; - } - return $w; + + for ($i = $Nk; $i < ($Nb * ($Nr + 1)); $i++) { + $w[$i] = array(); + for ($t = 0; $t < 4; $t++) + $temp[$t] = $w[$i - 1][$t]; + if ($i % $Nk == 0) { + $temp = SubWord(RotWord($temp)); + for ($t = 0; $t < 4; $t++) + $temp[$t] ^= $Rcon[$i / $Nk][$t]; + } else if ($Nk > 6 && $i % $Nk == 4) { + $temp = SubWord($temp); + } + for ($t = 0; $t < 4; $t++) + $w[$i][$t] = $w[$i - $Nk][$t] ^ $temp[$t]; + } + return $w; } -function SubWord($w) { // apply SBox to 4-byte word w - global $Sbox; // PHP needs explicit declaration to access global variables! - for ($i=0; $i<4; $i++) $w[$i] = $Sbox[$w[$i]]; - return $w; +function SubWord($w) // apply SBox to 4-byte word w +{ + global $Sbox; // PHP needs explicit declaration to access global variables! 
+ for ($i = 0; $i < 4; $i++) + $w[$i] = $Sbox[$w[$i]]; + return $w; } -function RotWord($w) { // rotate 4-byte word w left by one byte - $w[4] = $w[0]; - for ($i=0; $i<4; $i++) $w[$i] = $w[$i+1]; - return $w; +function RotWord($w) // rotate 4-byte word w left by one byte +{ + $w[4] = $w[0]; + for ($i = 0; $i < 4; $i++) + $w[$i] = $w[$i + 1]; + return $w; } // Sbox is pre-computed multiplicative inverse in GF(2^8) used in SubBytes and KeyExpansion [§5.1.1] -$Sbox = array(0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76, - 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0, - 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15, - 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75, - 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84, - 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf, - 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8, - 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2, - 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73, - 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb, - 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79, - 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08, - 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a, - 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e, - 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf, - 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16); +$Sbox = array(0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76, + 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0, + 
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15, + 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75, + 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84, + 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf, + 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8, + 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2, + 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73, + 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb, + 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79, + 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08, + 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a, + 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e, + 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf, + 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16); // Rcon is Round Constant used for the Key Expansion [1st col is 2^(r-1) in GF(2^8)] [§5.2] $Rcon = array( array(0x00, 0x00, 0x00, 0x00), @@ -165,7 +197,7 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00), array(0x40, 0x00, 0x00, 0x00), array(0x80, 0x00, 0x00, 0x00), array(0x1b, 0x00, 0x00, 0x00), - array(0x36, 0x00, 0x00, 0x00) ); + array(0x36, 0x00, 0x00, 0x00) ); /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */ 
@@ -181,61 +213,69 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00), * @param nBits number of bits to be used in the key (128, 192, or 256) * @return encrypted text */ -function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) { - $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES - if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys - // note PHP (5) gives us plaintext and password in UTF8 encoding! - - // use AES itself to encrypt password to get cipher key (using plain password as source for key - // expansion) - gives us well encrypted key - $nBytes = $nBits/8; // no bytes in key - $pwBytes = array(); - for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff; - $key = Cipher($pwBytes, KeyExpansion($pwBytes)); - $key = array_merge($key, array_slice($key, 0, $nBytes-16)); // expand key to 16/24/32 bytes long - - // initialise counter block (NIST SP800-38A §B.2): millisecond time-stamp for nonce in - // 1st 8 bytes, block counter in 2nd 8 bytes - $counterBlock = array(); - $nonce = floor(microtime(true)*1000); // timestamp: milliseconds since 1-Jan-1970 - $nonceSec = floor($nonce/1000); - $nonceMs = $nonce%1000; - // encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes - for ($i=0; $i<4; $i++) $counterBlock[$i] = urs($nonceSec, $i*8) & 0xff; - for ($i=0; $i<4; $i++) $counterBlock[$i+4] = $nonceMs & 0xff; - // and convert it to a string to go on the front of the ciphertext - $ctrTxt = ''; - for ($i=0; $i<8; $i++) $ctrTxt .= chr($counterBlock[$i]); - - // generate key schedule - an expansion of the key into distinct Key Rounds for each round - $keySchedule = KeyExpansion($key); - - $blockCount = ceil(strlen($plaintext)/$blockSize); - $ciphertxt = array(); // ciphertext as array of strings - - for ($b=0; $b<$blockCount; $b++) { - // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes) - // done in 
two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB) - for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff; - for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs($b/0x100000000, $c*8); - - $cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block -- - - // block size is reduced on final block - $blockLength = $b<$blockCount-1 ? $blockSize : (strlen($plaintext)-1)%$blockSize+1; - $cipherByte = array(); +function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128) +{ + $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES + if (!($nBits == 128 || $nBits == 192 || $nBits == 256)) + return ''; // standard allows 128/192/256 bit keys + // note PHP (5) gives us plaintext and password in UTF8 encoding! - for ($i=0; $i<$blockLength; $i++) { // -- xor plaintext with ciphered counter byte-by-byte -- - $cipherByte[$i] = $cipherCntr[$i] ^ ord(substr($plaintext, $b*$blockSize+$i, 1)); - $cipherByte[$i] = chr($cipherByte[$i]); + // use AES itself to encrypt password to get cipher key (using plain password as source for key + // expansion) - gives us well encrypted key + $nBytes = $nBits / 8; // no bytes in key + $pwBytes = array(); + for ($i = 0; $i < $nBytes; $i++) + $pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff; + $key = Cipher($pwBytes, KeyExpansion($pwBytes)); + $key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long + + // initialise counter block (NIST SP800-38A §B.2): millisecond time-stamp for nonce in + // 1st 8 bytes, block counter in 2nd 8 bytes + $counterBlock = array(); + $nonce = floor(microtime(true) * 1000); // timestamp: milliseconds since 1-Jan-1970 + $nonceSec = floor($nonce / 1000); + $nonceMs = $nonce % 1000; + // encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes + for ($i = 0; $i < 4; $i++) + $counterBlock[$i] = urs($nonceSec, $i * 8) & 0xff; + for ($i = 0; $i < 4; $i++) + 
$counterBlock[$i + 4] = $nonceMs & 0xff; + // and convert it to a string to go on the front of the ciphertext + $ctrTxt = ''; + for ($i = 0; $i < 8; $i++) + $ctrTxt .= chr($counterBlock[$i]); + + // generate key schedule - an expansion of the key into distinct Key Rounds for each round + $keySchedule = KeyExpansion($key); + + $blockCount = ceil(strlen($plaintext) / $blockSize); + $ciphertxt = array(); // ciphertext as array of strings + + for ($b = 0; $b < $blockCount; $b++) { + // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes) + // done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB) + for ($c = 0; $c < 4; $c++) + $counterBlock[15 - $c] = urs($b, $c * 8) & 0xff; + for ($c = 0; $c < 4; $c++) + $counterBlock[15 - $c - 4] = urs($b / 0x100000000, $c * 8); + + $cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block -- + + // block size is reduced on final block + $blockLength = $b < $blockCount - 1 ? $blockSize : (strlen($plaintext) - 1) % $blockSize + 1; + $cipherByte = array(); + + for ($i = 0; $i < $blockLength; $i++) { // -- xor plaintext with ciphered counter byte-by-byte -- + $cipherByte[$i] = $cipherCntr[$i] ^ ord(substr($plaintext, $b * $blockSize + $i, 1)); + $cipherByte[$i] = chr($cipherByte[$i]); + } + $ciphertxt[$b] = implode('', $cipherByte); // escape troublesome characters in ciphertext } - $ciphertxt[$b] = implode('', $cipherByte); // escape troublesome characters in ciphertext - } - - // implode is more efficient than repeated string concatenation - $ciphertext = $ctrTxt . implode('', $ciphertxt); - $ciphertext = base64_encode($ciphertext); - return $ciphertext; + + // implode is more efficient than repeated string concatenation + $ciphertext = $ctrTxt . implode('', $ciphertxt); + $ciphertext = base64_encode($ciphertext); + return $ciphertext; } 
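Review bot: The CTR nonce in AESEncryptCtr is taken from the clock and varies far less than its 8 bytes suggest: bytes 0-3 hold `$nonceSec` and bytes 4-7 all hold the same value, `$nonceMs & 0xff`. Two calls under the same password in the same second whose millisecond values agree modulo 256 therefore reuse the same counter blocks and keystream, and with CTR a repeated keystream exposes the XOR of the two plaintexts. Filling the nonce from the CSPRNG keeps the format in which the nonce travels in the first 8 bytes of the ciphertext (the old side of the following hunk reads it back from there): `$ctrTxt = random_bytes(8);` then `for ($i = 0; $i < 8; $i++) $counterBlock[$i] = ord($ctrTxt[$i]);` on PHP 7+, or `openssl_random_pseudo_bytes(8)` on an older runtime. The default `$password = "blue-lotus"` also means a caller that omits the argument encrypts under a publicly known key, so the parameter is better made mandatory.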
@@ -247,56 +287,63 @@ function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) { * @param nBits number of bits to be used in the key (128, 192, or 256) * @return decrypted text */ -function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) { - $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES - if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys - $ciphertext = base64_decode($ciphertext); - - // use AES to encrypt password (mirroring encrypt routine) - $nBytes = $nBits/8; // no bytes in key - $pwBytes = array(); - for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff; - $key = Cipher($pwBytes, KeyExpansion($pwBytes)); - $key = array_merge($key, array_slice($key, 0, $nBytes-16)); // expand key to 16/24/32 bytes long - - // recover nonce from 1st element of ciphertext - $counterBlock = array(); - $ctrTxt = substr($ciphertext, 0, 8); - for ($i=0; $i<8; $i++) $counterBlock[$i] = ord(substr($ctrTxt,$i,1)); - - // generate key schedule - $keySchedule = KeyExpansion($key); - - // separate ciphertext into blocks (skipping past initial 8 bytes) - $nBlocks = ceil((strlen($ciphertext)-8) / $blockSize); - $ct = array(); - for ($b=0; $b<$nBlocks; $b++) $ct[$b] = substr($ciphertext, 8+$b*$blockSize, 16); - $ciphertext = $ct; // ciphertext is now array of block-length strings - - // plaintext will get generated block-by-block into array of block-length strings - $plaintxt = array(); - - for ($b=0; $b<$nBlocks; $b++) { - // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes) - for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff; - for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs(($b+1)/0x100000000-1, $c*8) & 0xff; - - $cipherCntr = Cipher($counterBlock, $keySchedule); // encrypt counter block - - $plaintxtByte = array(); - for ($i=0; $i0) { // if left-most bit set - $a = ($a>>1) & 0x7fffffff; // 
right-shift one bit & clear left-most bit - $a = $a >> ($b-1); // remaining right-shifts - } else { // otherwise - $a = ($a>>$b); // use normal right-shift - } - return $a; -} -?> +function urs($a, $b) +{ + $a &= 0xffffffff; + $b &= 0x1f; // (bounds check) + if ($a & 0x80000000 && $b > 0) { // if left-most bit set + $a = ($a >> 1) & 0x7fffffff; // right-shift one bit & clear left-most bit + $a = $a >> ($b - 1); // remaining right-shifts + } else { // otherwise + $a = ($a >> $b); // use normal right-shift + } + return $a; +} \ No newline at end of file diff --git a/api.php b/api.php index 7f53232..3275858 100644 --- a/api.php +++ b/api.php 
@@ -1,8 +1,8 @@ \|]{1,255}$)/'); - //与xss记录相关api -if(isset($_GET['cmd'])) -{ - switch($_GET['cmd']) - { - //获取所有记录包括详细信息 - case 'list': - echo json_encode(xss_record_detail_list()); - break; - - //只获取时间戳(索引id) - case 'id_list': - echo json_encode(xss_record_id_list()); - break; - - //根据时间戳(索引id)获得单条信息 - case 'get': - if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id'])) - echo json_encode(load_xss_record($_GET['id'])); - else - echo json_encode(false); - break; - - //根据时间戳(索引id)删除单条信息 - case 'del': - if(isset($_GET['id'])&&preg_match(ID_REGEX,$_GET['id'])) - echo json_encode(delete_xss_record($_GET['id'])); - else - echo json_encode(false); - break; - - //清空记录 - case 'clear': - echo json_encode(clear_xss_record()); - break; - - default: - echo json_encode(false); - } +if (isset($_GET['cmd'])) { + switch ($_GET['cmd']) { + //获取所有记录包括详细信息 + case 'list': + echo json_encode(xss_record_detail_list()); + break; + + //只获取时间戳(索引id) + case 'id_list': + echo json_encode(xss_record_id_list()); + break; + + //根据时间戳(索引id)获得单条信息 + case 'get': + if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id'])) + echo json_encode(load_xss_record($_GET['id'])); + else + echo json_encode(false); + break; + + //根据时间戳(索引id)删除单条信息 + case 'del': + if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id'])) + echo json_encode(delete_xss_record($_GET['id'])); + else + echo json_encode(false); + break; + + //清空记录 + case 'clear': + echo json_encode(clear_xss_record()); + break; + + default: + echo json_encode(false); + } } //与js模板相关api -else if(isset($_GET['js_template_cmd'])) -{ - switch($_GET['js_template_cmd']) - { - //获取所有js模板的名字与描述 - case 'list': - echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH)); - break; - - //添加js模板 - case 'add': - if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name'])) - { - if(!is_writable(JS_TEMPLATE_PATH)) - echo json_encode(false); - else - { - 
save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']); - save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']); - echo json_encode(true); - } - } - else - echo json_encode(false); - - break; - - //修改js模板 - case 'modify': - if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name'])) - { - if(!is_writable(JS_TEMPLATE_PATH)) - echo json_encode(false); - else - { - if($_POST['old_name']!=$_POST['name']) - delete_js(JS_TEMPLATE_PATH,$_POST['old_name']); - - save_js_desc(JS_TEMPLATE_PATH,$_POST['desc'],$_POST['name']); - save_js_content(JS_TEMPLATE_PATH,$_POST['content'],$_POST['name']); - echo json_encode(true); - } - } - else - echo json_encode(false); - - break; - - //获取某一js模板的内容 - case 'get': - if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name'])) - echo json_encode(load_js_content(JS_TEMPLATE_PATH,$_GET['name'])); - else - echo json_encode(false); - break; - - //删除js模板 - case 'del': - if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name'])) - echo json_encode(delete_js(JS_TEMPLATE_PATH,$_GET['name'])); - else - echo json_encode(false); - break; - - //清空js模板 - case 'clear': - echo json_encode(clear_js(JS_TEMPLATE_PATH)); - break; - - default: - echo json_encode(false); - } +else if (isset($_GET['js_template_cmd'])) { + switch ($_GET['js_template_cmd']) { + //获取所有js模板的名字与描述 + case 'list': + echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH)); + break; + + //添加js模板 + case 'add': + if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) { + if (!is_writable(JS_TEMPLATE_PATH)) + echo json_encode(false); + else { + save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']); + save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); + echo json_encode(true); + } + } else + echo json_encode(false); + + break; + + //修改js模板 + case 
'modify': + if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) { + if (!is_writable(JS_TEMPLATE_PATH)) + echo json_encode(false); + else { + if ($_POST['old_name'] != $_POST['name']) + delete_js(JS_TEMPLATE_PATH, $_POST['old_name']); + + save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']); + save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); + echo json_encode(true); + } + } else + echo json_encode(false); + + break; + + //获取某一js模板的内容 + case 'get': + if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) + echo json_encode(load_js_content(JS_TEMPLATE_PATH, $_GET['name'])); + else + echo json_encode(false); + break; + + //删除js模板 + case 'del': + if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) + echo json_encode(delete_js(JS_TEMPLATE_PATH, $_GET['name'])); + else + echo json_encode(false); + break; + + //清空js模板 + case 'clear': + echo json_encode(clear_js(JS_TEMPLATE_PATH)); + break; + + default: + echo json_encode(false); + } } //与我的js相关api -else if(isset($_GET['my_js_cmd'])) +else if (isset($_GET['my_js_cmd'])) { + switch ($_GET['my_js_cmd']) { + //获取所有我的js的名字与描述 + case 'list': + echo json_encode(js_name_and_desc_list(MY_JS_PATH)); + break; + + //添加js模板 + case 'add': + if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) { + if (!is_writable(MY_JS_PATH)) + echo json_encode(false); + else { + save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']); + save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); + echo json_encode(true); + } + + } else + echo json_encode(false); + + break; + + //修改js模板 + case 'modify': + if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && 
preg_match(FILE_REGEX, $_POST['name'])) { + if (!is_writable(MY_JS_PATH)) + echo json_encode(false); + else { + if ($_POST['old_name'] != $_POST['name']) + delete_js(MY_JS_PATH, $_POST['old_name']); + + save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']); + save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); + echo json_encode(true); + } + } else + echo json_encode(false); + + break; + + //获取某一js模板的内容 + case 'get': + if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) + echo json_encode(load_js_content(MY_JS_PATH, $_GET['name'])); + else + echo json_encode(false); + break; + + //删除js模板 + case 'del': + if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) + echo json_encode(delete_js(MY_JS_PATH, $_GET['name'])); + else + echo json_encode(false); + break; + + //清空js模板 + case 'clear': + echo json_encode(clear_js(MY_JS_PATH)); + break; + + default: + echo json_encode(false); + } +} else + echo json_encode(false); + + +function xss_record_id_list() { - switch($_GET['my_js_cmd']) - { - //获取所有我的js的名字与描述 - case 'list': - echo json_encode(js_name_and_desc_list(MY_JS_PATH)); - break; - - //添加js模板 - case 'add': - if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name'])) - { - if(!is_writable(MY_JS_PATH)) - echo json_encode(false); - else - { - save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']); - save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']); - echo json_encode(true); - } - - } - else - echo json_encode(false); - - break; - - //修改js模板 - case 'modify': - if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name'])) - { - if(!is_writable(MY_JS_PATH)) - echo json_encode(false); - else - { - if($_POST['old_name']!=$_POST['name']) - delete_js(MY_JS_PATH,$_POST['old_name']); - - save_js_desc(MY_JS_PATH,$_POST['desc'],$_POST['name']); - 
save_js_content(MY_JS_PATH,$_POST['content'],$_POST['name']); - echo json_encode(true); - } - } - else - echo json_encode(false); - - break; - - //获取某一js模板的内容 - case 'get': - if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name'])) - echo json_encode(load_js_content(MY_JS_PATH,$_GET['name'])); - else - echo json_encode(false); - break; - - //删除js模板 - case 'del': - if(isset($_GET['name'])&&preg_match(FILE_REGEX,$_GET['name'])) - echo json_encode(delete_js(MY_JS_PATH,$_GET['name'])); - else - echo json_encode(false); - break; - - //清空js模板 - case 'clear': - echo json_encode(clear_js(MY_JS_PATH)); - break; - - default: - echo json_encode(false); - } -} -else - echo json_encode(false); - - -function xss_record_id_list() { - $files = glob(DATA_PATH . '/*.php'); - $list=array(); - foreach ($files as $file){ - $filename=basename($file,".php"); - if( preg_match(ID_REGEX, $filename) ) - $list[]=$filename; - } - return $list; + $files = glob(DATA_PATH . '/*.php'); + $list = array(); + foreach ($files as $file) { + $filename = basename($file, ".php"); + if (preg_match(ID_REGEX, $filename)) + $list[] = $filename; + } + return $list; } -function xss_record_detail_list() { - $list=array(); - $files = glob(DATA_PATH . '/*.php'); - arsort($files); - - foreach ($files as $file) { - $filename=basename($file,".php"); - if( preg_match(ID_REGEX, $filename) ) - { - $info=load_xss_record($filename); - if($info===false) - continue; - - $isChange=false; - //如果没有设置location,就查询qqwry.dat判断location - if(!isset($info['location'])) - { - $info['location']=stripStr( convertip($info['user_IP'],IPDATA_PATH) ); - $isChange=true; - } - - if($isChange) - save_xss_record(json_encode($info),$filename); - $list[]= $info; - } - } - return $list; +function xss_record_detail_list() +{ + $list = array(); + $files = glob(DATA_PATH . 
'/*.php'); + arsort($files); + + foreach ($files as $file) { + $filename = basename($file, ".php"); + if (preg_match(ID_REGEX, $filename)) { + $info = load_xss_record($filename); + if ($info === false) + continue; + + $isChange = false; + //如果没有设置location,就查询qqwry.dat判断location + if (!isset($info['location'])) { + $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); + $isChange = true; + } + + if ($isChange) + save_xss_record(json_encode($info), $filename); + $list[] = $info; + } + } + return $list; } //获取js的名字与描述列表 function js_name_and_desc_list($path) { - $list=array(); - $files = glob($path . '/*.js'); - arsort($files); - - foreach ($files as $file){ - //由于可能有中文名,故使用正则来提取文件名 - $item=array(); - $item['js_uri']=$file; - - $filename=preg_replace('/^.+[\\\\\\/]/', '', $file); - $filename=substr ( $filename , 0 , strlen ($filename)-3 ); - $item['js_name']=$filename; - $item['js_name_abbr']=stripStr($filename); - - $result=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc'); - $result=$result?$result:""; - - - $result=decrypt($result); - - if(json_encode($result)===false) - $result="加密密码不符,无法获得描述"; - - $item['js_description']=$result; - $item['js_description_abbr']=stripStr($result); - - //特别注意:只有js_name_abbr,js_description_abbr经过stripStr处理 - $list[]= $item; - - } - - return $list; -} -?> \ No newline at end of file + $list = array(); + $files = glob($path . '/*.js'); + arsort($files); + + foreach ($files as $file) { + //由于可能有中文名,故使用正则来提取文件名 + $item = array(); + $item['js_uri'] = $file; + + $filename = preg_replace('/^.+[\\\\\\/]/', '', $file); + $filename = substr($filename, 0, strlen($filename) - 3); + $item['js_name'] = $filename; + $item['js_name_abbr'] = stripStr($filename); + + $result = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'); + $result = $result ? 
$result : ""; + + + $result = decrypt($result); + + if (json_encode($result) === false) + $result = "加密密码不符,无法获得描述"; + + $item['js_description'] = $result; + $item['js_description_abbr'] = stripStr($result); + + //特别注意:只有js_name_abbr,js_description_abbr经过stripStr处理 + $list[] = $item; + + } + + return $list; +} \ No newline at end of file diff --git a/auth.php b/auth.php index 627fdad..b5e21d0 100644 --- a/auth.php +++ b/auth.php @@ -1,27 +1,24 @@ \ No newline at end of file +header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'"); \ No newline at end of file diff --git a/change_encrypt_pass.php b/change_encrypt_pass.php index 5edcd4f..ec64e1c 100644 --- a/change_encrypt_pass.php +++ b/change_encrypt_pass.php @@ -12,7 +12,7 @@ exit(); * php change_encrypt_pass.php true bluelotus AES true bluelotus RC4 * php change_encrypt_pass.php true bluelotus AES false xxxx(任意值) AES */ - + /* * 从旧版本升级的方法 * 1. php change_encrypt_pass.php update (以前是否加密true/false) (旧加密密码) 
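Review bot: The `del` and `clear` branches under `$_GET['cmd']`, `$_GET['js_template_cmd']` and `$_GET['my_js_cmd']` delete stored records and scripts on a plain GET, and the visible part of this hunk shows no request-method or anti-CSRF check; the top of the file is not shown here, so one may exist there. If it does not, a cross-site request made while the operator is logged in is enough to trigger the deletion; a guard such as `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { echo json_encode(false); break; }` together with a per-session token compared via `hash_equals()` would close that. In both `modify` branches `$_POST['old_name'] != $_POST['name']` is a loose comparison, so if FILE_REGEX admits numeric-looking names, two that PHP treats as equal (for instance `1e3` and `1000`) skip `delete_js()` and leave the old file behind; `!==` avoids that.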
@@ -21,130 +21,122 @@ exit(); * 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法) * 4. 升级完成 */ -define("IN_XSS_PLATFORM",true); +define("IN_XSS_PLATFORM", true); require_once("config.php"); -if($argv[1]==="update") - update_from_old_version($argv[2],$argv[3]); +if ($argv[1] === "update") + update_from_old_version($argv[2], $argv[3]); else - change_pass($argv[1],$argv[2],$argv[3],$argv[4],$argv[5],$argv[6]); - -function update_from_old_version($old_enable_encrypt,$old_encrypt_pass){ - //如果从旧版本升级,就统一先切换为RC4,密码bluelotus - modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus", "RC4"); - modify_xss_record($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus","RC4"); -} -function change_pass($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) + change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]); + +function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) { - modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); - modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); - modify_js_desc(MY_JS_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); - modify_js_desc(JS_TEMPLATE_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); + //如果从旧版本升级,就统一先切换为RC4,密码bluelotus + modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); + modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4"); +} +function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) +{ + 
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); } -function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) +function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { - $logfile = DATA_PATH . '/forbiddenIPList.dat'; - - $str = @file_get_contents( $logfile ); - if($str===false) - return; - - $str=decrypt($str,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); - $str=encrypt($str, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); - - if(@file_put_contents($logfile, $str)) - echo "修改封禁ip成功\n"; - else - echo "修改封禁ip失败,可能是没有权限,chmod 777!\n"; + $logfile = DATA_PATH . '/forbiddenIPList.dat'; + + $str = @file_get_contents($logfile); + if ($str === false) + return; + + $str = decrypt($str, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type); + $str = encrypt($str, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + + if (@file_put_contents($logfile, $str)) + echo "修改封禁ip成功\n"; + else + echo "修改封禁ip失败,可能是没有权限,chmod 777!\n"; } -function modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) +function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { - $files = glob(DATA_PATH . 
'/*.php'); - - foreach ($files as $file) { - $filename=basename($file,".php"); - if( preg_match("/^[0-9]{10}$/", $filename) ) - { - $logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php'; - $info=@file_get_contents($logFile); - - if($info!==false && strncmp($info,'',15)===0) - { - $info=substr($info,15); - $info=decrypt($info,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); - } - else - $info=""; - $info=encrypt($info, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); - - if(@file_put_contents($logFile, ''.$info)) - echo "修改一条xss记录成功\n"; - else - echo "修改一条xss记录失败,可能是没有权限,chmod 777!\n"; - - } - } -} -function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) + $files = glob(DATA_PATH . '/*.php'); + + foreach ($files as $file) { + $filename = basename($file, ".php"); + if (preg_match("/^[0-9]{10}$/", $filename)) { + $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; + $info = @file_get_contents($logFile); + + if ($info !== false && strncmp($info, '', 15) === 0) { + $info = substr($info, 15); + $info = decrypt($info, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type); + } else + $info = ""; + $info = encrypt($info, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + + if (@file_put_contents($logFile, '' . $info)) + echo "修改一条xss记录成功\n"; + else + echo "修改一条xss记录失败,可能是没有权限,chmod 777!\n"; + + } + } +} +function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) { - $files = glob($path . 
'/*.js'); - foreach ($files as $file){ - //由于可能有中文名,故使用正则来提取文件名 - $filename=preg_replace('/^.+[\\\\\\/]/', '', $file); - $filename=substr ( $filename , 0 , strlen ($filename)-3 ); - - $desc=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc'); - - if($desc!==false) - $desc=decrypt($desc,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); - else - $desc=""; - - $desc=encrypt($desc, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); - - if(@file_put_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc', $desc)) - echo "修改一条js描述成功\n"; - else - echo "修改一条js描述失败,可能是没有权限,chmod 777!\n"; - } + $files = glob($path . '/*.js'); + foreach ($files as $file) { + //由于可能有中文名,故使用正则来提取文件名 + $filename = preg_replace('/^.+[\\\\\\/]/', '', $file); + $filename = substr($filename, 0, strlen($filename) - 3); + + $desc = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'); + + if ($desc !== false) + $desc = decrypt($desc, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type); + else + $desc = ""; + + $desc = encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type); + + if (@file_put_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . 
'.desc', $desc)) + echo "修改一条js描述成功\n"; + else + echo "修改一条js描述失败,可能是没有权限,chmod 777!\n"; + } } -function encrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type) +function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { - if($enable_encrypt) { - if($encrypt_type==="AES") { - require_once("aes.php"); - $info=AESEncryptCtr($info,$encrypt_pass); - } - else { - require_once("rc4.php"); - $info=base64_encode( rc4($info,$encrypt_pass) ); - } - } - else - $info=base64_encode($info); - - return $info; + if ($encrypt_enable) { + if ($encrypt_type === "AES") { + require_once("aes.php"); + $info = AESEncryptCtr($info, $encrypt_pass); + } else { + require_once("rc4.php"); + $info = base64_encode(rc4($info, $encrypt_pass)); + } + } else + $info = base64_encode($info); + + return $info; } -function decrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type) +function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) { - if($enable_encrypt) { - if($encrypt_type==="AES") { - require_once("aes.php"); - $info=AESDecryptCtr($info,$encrypt_pass); - - } - else { - require_once("rc4.php"); - $info=rc4(base64_decode($info),$encrypt_pass); - } - } - else - $info=base64_decode($info); - return $info; -} -?> - + if ($encrypt_enable) { + if ($encrypt_type === "AES") { + require_once("aes.php"); + $info = AESDecryptCtr($info, $encrypt_pass); + + } else { + require_once("rc4.php"); + $info = rc4(base64_decode($info), $encrypt_pass); + } + } else + $info = base64_decode($info); + return $info; +} \ No newline at end of file diff --git a/config-sample.php b/config-sample.php new file mode 100644 index 0000000..7868bb7 --- /dev/null +++ b/config-sample.php @@ -0,0 +1,25 @@ + \ No newline at end of file diff --git a/dio.php b/dio.php index f142d3d..4d8423b 100644 --- a/dio.php +++ b/dio.php 
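Review bot: `encrypt()` and `decrypt()` branch on `if ($encrypt_enable)`, but that value comes unconverted from `$argv`, so the string `false` used in the documented invocation is truthy and the cipher branch runs anyway. With `false` as the old setting the stored base64 is pushed through AES/RC4 decryption and the resulting garbage is written back over the file; the same applies to `$argv[2]` on the `update` path. Converting once at the entry point fixes every callee: `$old = filter_var($argv[1], FILTER_VALIDATE_BOOLEAN);` and `$new = filter_var($argv[4], FILTER_VALIDATE_BOOLEAN);`, passed on to `change_pass()`. `modify_xss_record()` and `modify_js_desc()` also set `$info`/`$desc` to an empty string when the read or header check fails and then overwrite the file, so an unreadable record is destroyed rather than skipped; a `continue` in that branch would preserve it.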
@@ -1,161 +1,149 @@ '.$info)===false) - return false; - else - return true; + $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; + !file_exists($logFile) && @touch($logFile); + + $info = encrypt($info); + + if (file_put_contents($logFile, '' . $info) === false) + return false; + else + return true; } function load_xss_record($filename) { - if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) - { - $logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php'; - if(!file_exists($logFile)) - return false; - $info=@file_get_contents($logFile); - if($info===false) - return false; - - if(strncmp($info,'',15)!=0) - return false; - - $info=substr($info,15); - $info=decrypt($info); - - //只会出现在加密密码错误的时候 - if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info)) - return false; - - $info=json_decode($info, true); - - //只会出现在加密密码错误的时候 - if($info===false) - return false; - - $isChange=false; - if(!isset($info['location'])) - { - $info['location']=stripStr(convertip($info['user_IP'],IPDATA_PATH)); - $isChange=true; - } - - //只会出现在加密密码错误的时候 - if(!isset($info['request_time'])) - { - return false; - } - - if($isChange) - save_xss_record(json_encode($info),$filename); - - return $info; - } - else - return false; + if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { + $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . 
'.php'; + if (!file_exists($logFile)) + return false; + $info = @file_get_contents($logFile); + if ($info === false) + return false; + + if (strncmp($info, '', 15) != 0) + return false; + + $info = substr($info, 15); + $info = decrypt($info); + + //只会出现在加密密码错误的时候 + if (!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info)) + return false; + + $info = json_decode($info, true); + + //只会出现在加密密码错误的时候 + if ($info === false) + return false; + + $isChange = false; + if (!isset($info['location'])) { + $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); + $isChange = true; + } + + //只会出现在加密密码错误的时候 + if (!isset($info['request_time'])) { + return false; + } + + if ($isChange) + save_xss_record(json_encode($info), $filename); + + return $info; + } else + return false; } function delete_xss_record($filename) { - if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) - { - $logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php'; - return unlink($logFile); - } - else - return false; + if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { + $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; + return unlink($logFile); + } else + return false; } function clear_xss_record() { - $files = glob(DATA_PATH . '/*.php'); - - foreach ($files as $file) { - unlink($file); - } - return true; + $files = glob(DATA_PATH . 
'/*.php'); + + foreach ($files as $file) { + unlink($file); + } + return true; } -function load_js_content($path,$filename) +function load_js_content($path, $filename) { - if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) - { - $file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js'; - if(!file_exists($file)) - return false; - - $info=@file_get_contents($file); - if($info===false) - $info=""; - return $info; - } - else - return false; + if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; + if (!file_exists($file)) + return false; + + $info = @file_get_contents($file); + if ($info === false) + $info = ""; + return $info; + } else + return false; } - -function delete_js($path,$filename) + +function delete_js($path, $filename) { - if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) - { - $file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc'; - unlink($file); - $file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js'; - return unlink($file); - } - else - return false; - + if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; + unlink($file); + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; + return unlink($file); + } else + return false; + } function clear_js($path) { - $files = glob($path . '/*.desc'); - foreach ($files as $file) { - unlink($file); - } - - $files = glob($path . '/*.js'); - foreach ($files as $file) { - unlink($file); - } - return true; + $files = glob($path . '/*.desc'); + foreach ($files as $file) { + unlink($file); + } + + $files = glob($path . 
'/*.js'); + foreach ($files as $file) { + unlink($file); + } + return true; } -function save_js_content($path,$content,$filename) +function save_js_content($path, $content, $filename) { - $file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js'; - !file_exists($file) && @touch($file); - - if(file_put_contents($file, $content)===false) - return false; - else - return true; + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; + !file_exists($file) && @touch($file); + + if (file_put_contents($file, $content) === false) + return false; + else + return true; } -function save_js_desc($path,$desc,$filename) +function save_js_desc($path, $desc, $filename) { - $file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc'; - !file_exists($file) && @touch($file); - - $desc=encrypt($desc); - - if(file_put_contents($file, $desc)===false) - return false; - else - return true; -} - -?> \ No newline at end of file + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; + !file_exists($file) && @touch($file); + + $desc = encrypt($desc); + + if (file_put_contents($file, $desc) === false) + return false; + else + return true; +} \ No newline at end of file diff --git a/functions.php b/functions.php index 6dedaa8..bd258bf 100644 --- a/functions.php +++ b/functions.php @@ -1,13 +1,14 @@ $value) { if (substr($name, 0, 5) == 'HTTP_') { $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; 
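Review bot: `save_js_content()` and `save_js_desc()` build the target path from `$filename` without the `..` / `/` / `\` check that `load_js_content()`, `delete_js()`, `load_xss_record()` and `delete_xss_record()` apply in this same file, so the write side is unguarded if a caller ever passes an unvalidated name. Both functions should open with the same guard, e.g. `if (strpos($filename, "..") !== false || strpos($filename, "/") !== false || strpos($filename, "\\") !== false) return false;`. The record-writing lines at the top of the hunk build `$logFile` the same way, but their function signature is not visible here, so whether that name is checked upstream cannot be confirmed from this hunk. Separately, `json_decode($info, true)` returns `null`, not `false`, on malformed input, so `if ($info === false)` in `load_xss_record()` never fires; `if (!is_array($info)) return false;` would catch the wrong-password case the comment describes.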
@@ -18,278 +19,275 @@ if (!function_exists('getallheaders')) { } //判断该记录是否 -function isKeepSession($info){ - $keepsession=false; - - foreach($info['get_data'] as $k => $v) { - if($k==="keepsession") - { - $keepsession=($v==="1"?true:false); - return $keepsession; - } - } - - foreach($info['post_data'] as $k => $v) { - if($k==="keepsession") - { - $keepsession=($v==="1"?true:false); - return $keepsession; - } - } - - foreach($info['cookie_data'] as $k => $v) { - if($k==="keepsession") - { - $keepsession=($v==="1"?true:false); - return $keepsession; - } - } - return $keepsession; +function isKeepSession($info) +{ + $keepsession = false; + + foreach ($info['get_data'] as $k => $v) { + if ($k === "keepsession") { + $keepsession = ($v === "1" ? true : false); + return $keepsession; + } + } + + foreach ($info['post_data'] as $k => $v) { + if ($k === "keepsession") { + $keepsession = ($v === "1" ? true : false); + return $keepsession; + } + } + + foreach ($info['cookie_data'] as $k => $v) { + if ($k === "keepsession") { + $keepsession = ($v === "1" ? 
true : false); + return $keepsession; + } + } + return $keepsession; } //xss过滤 -function stripStr($str){ - if(get_magic_quotes_gpc()) - $str=stripslashes($str); - return addslashes(htmlspecialchars($str,ENT_QUOTES,'UTF-8')); +function stripStr($str) +{ + if (get_magic_quotes_gpc()) + $str = stripslashes($str); + return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); } -function stripArr($arr){ - $new_arr=array(); - foreach($arr as $k => $v) { - $new_arr[stripStr($k)] = stripStr($v); - } - return $new_arr; +function stripArr($arr) +{ + $new_arr = array(); + foreach ($arr as $k => $v) { + $new_arr[stripStr($k)] = stripStr($v); + } + return $new_arr; } //尝试base64解码 -function tryBase64Decode($arr) +function tryBase64Decode($arr) { - if(isset($arr)&&count($arr)>0) - { - $isChanged=0; - - $new_arr = array(); - foreach($arr as $k => $v) { - $decoded_v=""; - if(isBase64Formatted($v)) { - $decoded_v=base64_decode($v); - $isChanged=1; - } - $new_arr[$k]=$decoded_v; - } - - if($isChanged) - return $new_arr; - else - return false; - } - else - return false; + if (isset($arr) && count($arr) > 0) { + $isChanged = 0; + + $new_arr = array(); + foreach ($arr as $k => $v) { + $decoded_v = ""; + if (isBase64Formatted($v)) { + $decoded_v = base64_decode($v); + $isChanged = 1; + } + $new_arr[$k] = $decoded_v; + } + + if ($isChanged) + return $new_arr; + else + return false; + } else + return false; } //判断string是否为base64编码(判断方法:解码后为可见字符串) function isBase64Formatted($str) { - if(preg_match('/^[A-Za-z0-9+\/=]+$/',$str)) - if ($str == base64_encode(base64_decode($str))) - if(preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',base64_decode($str))) - return true; + if (preg_match('/^[A-Za-z0-9+\/=]+$/', $str)) + if ($str == base64_encode(base64_decode($str))) + if (preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', base64_decode($str))) + return true; return false; } -function encrypt($info) +function 
encrypt($info) { - if(ENABLE_ENCRYPT) { - if(ENCRYPT_TYPE==="AES") { - require_once("aes.php"); - $info=AESEncryptCtr($info,ENCRYPT_PASS); - } - else { - require_once("rc4.php"); - $info=base64_encode( rc4($info,ENCRYPT_PASS) ); - } - } - else - $info=base64_encode($info); - - return $info; + if (ENCRYPT_ENABLE) { + if (ENCRYPT_TYPE === "AES") { + require_once("aes.php"); + $info = AESEncryptCtr($info, ENCRYPT_PASS); + } else { + require_once("rc4.php"); + $info = base64_encode(rc4($info, ENCRYPT_PASS)); + } + } else + $info = base64_encode($info); + + return $info; } -function decrypt($info) +function decrypt($info) { - if(ENABLE_ENCRYPT) { - if(ENCRYPT_TYPE==="AES") { - require_once("aes.php"); - $info=AESDecryptCtr($info,ENCRYPT_PASS); - - } - else { - require_once("rc4.php"); - $info=rc4(base64_decode($info),ENCRYPT_PASS); - } - } - else - $info=base64_decode($info); - return $info; + if (ENCRYPT_ENABLE) { + if (ENCRYPT_TYPE === "AES") { + require_once("aes.php"); + $info = AESDecryptCtr($info, ENCRYPT_PASS); + + } else { + require_once("rc4.php"); + $info = rc4(base64_decode($info), ENCRYPT_PASS); + } + } else + $info = base64_decode($info); + return $info; } //基于Discuz X3.1 function_misc.php -function convertip($ip, $ipdatafile) { - $ipaddr = '未知'; - if(preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { - $iparray = explode('.', $ip); - if($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) { - $ipaddr = '局域网'; - } elseif($iparray[0] > 255 || $iparray[1] > 255 || $iparray[2] > 255 || $iparray[3] > 255) { - $ipaddr = '错误ip'; - } else { - if(@file_exists($ipdatafile)) { - if(!$fd = @fopen($ipdatafile, 'rb')) { - return 'ip库出错'; - } - - $ip = explode('.', $ip); - $ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3]; - - if(!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4)) ) return; - @$ipbegin = implode('', unpack('L', 
$DataBegin)); - if($ipbegin < 0) $ipbegin += pow(2, 32); - @$ipend = implode('', unpack('L', $DataEnd)); - if($ipend < 0) $ipend += pow(2, 32); - $ipAllNum = ($ipend - $ipbegin) / 7 + 1; - - $BeginNum = $ip2num = $ip1num = 0; - $ipAddr1 = $ipAddr2 = ''; - $EndNum = $ipAllNum; - - while($ip1num > $ipNum || $ip2num < $ipNum) { - $Middle= intval(($EndNum + $BeginNum) / 2); - - fseek($fd, $ipbegin + 7 * $Middle); - $ipData1 = fread($fd, 4); - if(strlen($ipData1) < 4) { - fclose($fd); - return '系统错误'; - } - $ip1num = implode('', unpack('L', $ipData1)); - if($ip1num < 0) $ip1num += pow(2, 32); - - if($ip1num > $ipNum) { - $EndNum = $Middle; - continue; - } - - $DataSeek = fread($fd, 3); - if(strlen($DataSeek) < 3) { - fclose($fd); - return '系统错误'; - } - $DataSeek = implode('', unpack('L', $DataSeek.chr(0))); - fseek($fd, $DataSeek); - $ipData2 = fread($fd, 4); - if(strlen($ipData2) < 4) { - fclose($fd); - return '系统错误'; - } - $ip2num = implode('', unpack('L', $ipData2)); - if($ip2num < 0) $ip2num += pow(2, 32); - - if($ip2num < $ipNum) { - if($Middle == $BeginNum) { - fclose($fd); - return '未知'; - } - $BeginNum = $Middle; - } - } - - $ipFlag = fread($fd, 1); - if($ipFlag == chr(1)) { - $ipSeek = fread($fd, 3); - if(strlen($ipSeek) < 3) { - fclose($fd); - return '系统错误'; - } - $ipSeek = implode('', unpack('L', $ipSeek.chr(0))); - fseek($fd, $ipSeek); - $ipFlag = fread($fd, 1); - } - - if($ipFlag == chr(2)) { - $AddrSeek = fread($fd, 3); - if(strlen($AddrSeek) < 3) { - fclose($fd); - return '系统错误'; - } - $ipFlag = fread($fd, 1); - if($ipFlag == chr(2)) { - $AddrSeek2 = fread($fd, 3); - if(strlen($AddrSeek2) < 3) { - fclose($fd); - return '系统错误'; - } - $AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0))); - fseek($fd, $AddrSeek2); - } else { - fseek($fd, -1, SEEK_CUR); - } - - while(($char = fread($fd, 1)) != chr(0)) - $ipAddr2 .= $char; - - $AddrSeek = implode('', unpack('L', $AddrSeek.chr(0))); - fseek($fd, $AddrSeek); - - while(($char = fread($fd, 1)) != chr(0)) - 
$ipAddr1 .= $char; - } else { - fseek($fd, -1, SEEK_CUR); - while(($char = fread($fd, 1)) != chr(0)) - $ipAddr1 .= $char; - - $ipFlag = fread($fd, 1); - if($ipFlag == chr(2)) { - $AddrSeek2 = fread($fd, 3); - if(strlen($AddrSeek2) < 3) { - fclose($fd); - return '系统错误'; - } - $AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0))); - fseek($fd, $AddrSeek2); - } else { - fseek($fd, -1, SEEK_CUR); - } - while(($char = fread($fd, 1)) != chr(0)) - $ipAddr2 .= $char; - } - fclose($fd); - - $ipAddr1 = iconv("gb18030", "utf-8//IGNORE", $ipAddr1); - if($ipAddr2){ - if(ord($ipAddr2{0}) == 2) - $ipAddr2 = ""; - else - $ipAddr2 = iconv("gb18030", "utf-8//IGNORE", $ipAddr2); - } - - if(preg_match('/http/i', $ipAddr2)) { - $ipAddr2 = ''; - } - - $ipaddr = $ipAddr1.$ipAddr2; - $ipaddr = preg_replace('/CZ88\.NET/is', '', $ipaddr); - $ipaddr = preg_replace('/^\s*/is', '', $ipaddr); - $ipaddr = preg_replace('/\s*$/is', '', $ipaddr); - if(preg_match('/http/i', $ipaddr) || $ipaddr == '') { - $ipaddr = '未知'; - } - return htmlspecialchars($ipaddr,ENT_QUOTES,'UTF-8'); - } - } - } - return $ipaddr; -} - - -?> \ No newline at end of file +function convertip($ip, $ipdatafile) +{ + $ipaddr = '未知'; + if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { + $iparray = explode('.', $ip); + if ($iparray[0] == 10 || $iparray[0] == 127 || ($iparray[0] == 192 && $iparray[1] == 168) || ($iparray[0] == 172 && ($iparray[1] >= 16 && $iparray[1] <= 31))) { + $ipaddr = '局域网'; + } elseif ($iparray[0] > 255 || $iparray[1] > 255 || $iparray[2] > 255 || $iparray[3] > 255) { + $ipaddr = '错误ip'; + } else { + if (@file_exists($ipdatafile)) { + if (!$fd = @fopen($ipdatafile, 'rb')) { + return 'ip库出错'; + } + + $ip = explode('.', $ip); + $ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3]; + + if (!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4))) + return; + @$ipbegin = implode('', unpack('L', $DataBegin)); + if ($ipbegin < 0) + $ipbegin += pow(2, 32); + @$ipend = implode('', 
unpack('L', $DataEnd)); + if ($ipend < 0) + $ipend += pow(2, 32); + $ipAllNum = ($ipend - $ipbegin) / 7 + 1; + + $BeginNum = $ip2num = $ip1num = 0; + $ipAddr1 = $ipAddr2 = ''; + $EndNum = $ipAllNum; + + while ($ip1num > $ipNum || $ip2num < $ipNum) { + $Middle = intval(($EndNum + $BeginNum) / 2); + + fseek($fd, $ipbegin + 7 * $Middle); + $ipData1 = fread($fd, 4); + if (strlen($ipData1) < 4) { + fclose($fd); + return '系统错误'; + } + $ip1num = implode('', unpack('L', $ipData1)); + if ($ip1num < 0) + $ip1num += pow(2, 32); + + if ($ip1num > $ipNum) { + $EndNum = $Middle; + continue; + } + + $DataSeek = fread($fd, 3); + if (strlen($DataSeek) < 3) { + fclose($fd); + return '系统错误'; + } + $DataSeek = implode('', unpack('L', $DataSeek . chr(0))); + fseek($fd, $DataSeek); + $ipData2 = fread($fd, 4); + if (strlen($ipData2) < 4) { + fclose($fd); + return '系统错误'; + } + $ip2num = implode('', unpack('L', $ipData2)); + if ($ip2num < 0) + $ip2num += pow(2, 32); + + if ($ip2num < $ipNum) { + if ($Middle == $BeginNum) { + fclose($fd); + return '未知'; + } + $BeginNum = $Middle; + } + } + + $ipFlag = fread($fd, 1); + if ($ipFlag == chr(1)) { + $ipSeek = fread($fd, 3); + if (strlen($ipSeek) < 3) { + fclose($fd); + return '系统错误'; + } + $ipSeek = implode('', unpack('L', $ipSeek . chr(0))); + fseek($fd, $ipSeek); + $ipFlag = fread($fd, 1); + } + + if ($ipFlag == chr(2)) { + $AddrSeek = fread($fd, 3); + if (strlen($AddrSeek) < 3) { + fclose($fd); + return '系统错误'; + } + $ipFlag = fread($fd, 1); + if ($ipFlag == chr(2)) { + $AddrSeek2 = fread($fd, 3); + if (strlen($AddrSeek2) < 3) { + fclose($fd); + return '系统错误'; + } + $AddrSeek2 = implode('', unpack('L', $AddrSeek2 . chr(0))); + fseek($fd, $AddrSeek2); + } else { + fseek($fd, -1, SEEK_CUR); + } + + while (($char = fread($fd, 1)) != chr(0)) + $ipAddr2 .= $char; + + $AddrSeek = implode('', unpack('L', $AddrSeek . 
chr(0))); + fseek($fd, $AddrSeek); + + while (($char = fread($fd, 1)) != chr(0)) + $ipAddr1 .= $char; + } else { + fseek($fd, -1, SEEK_CUR); + while (($char = fread($fd, 1)) != chr(0)) + $ipAddr1 .= $char; + + $ipFlag = fread($fd, 1); + if ($ipFlag == chr(2)) { + $AddrSeek2 = fread($fd, 3); + if (strlen($AddrSeek2) < 3) { + fclose($fd); + return '系统错误'; + } + $AddrSeek2 = implode('', unpack('L', $AddrSeek2 . chr(0))); + fseek($fd, $AddrSeek2); + } else { + fseek($fd, -1, SEEK_CUR); + } + while (($char = fread($fd, 1)) != chr(0)) + $ipAddr2 .= $char; + } + fclose($fd); + + $ipAddr1 = iconv("gb18030", "utf-8//IGNORE", $ipAddr1); + if ($ipAddr2) { + if (ord($ipAddr2{0}) == 2) + $ipAddr2 = ""; + else + $ipAddr2 = iconv("gb18030", "utf-8//IGNORE", $ipAddr2); + } + + if (preg_match('/http/i', $ipAddr2)) { + $ipAddr2 = ''; + } + + $ipaddr = $ipAddr1 . $ipAddr2; + $ipaddr = preg_replace('/CZ88\.NET/is', '', $ipaddr); + $ipaddr = preg_replace('/^\s*/is', '', $ipaddr); + $ipaddr = preg_replace('/\s*$/is', '', $ipaddr); + if (preg_match('/http/i', $ipaddr) || $ipaddr == '') { + $ipaddr = '未知'; + } + return htmlspecialchars($ipaddr, ENT_QUOTES, 'UTF-8'); + } + } + } + return $ipaddr; +} \ No newline at end of file diff --git a/index.php b/index.php index c610f43..d27b2f7 100644 --- a/index.php +++ b/index.php @@ -1,67 +1,66 @@ \ No newline at end of file +if (MAIL_ENABLE) { + require_once("mail.php"); + @send_mail($info); +} \ No newline at end of file diff --git a/install.php b/install.php new file mode 100644 index 0000000..415aa36 --- /dev/null +++ b/install.php @@ -0,0 +1,465 @@ +已安装
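Review bot: In `encrypt()`, the non-AES branch calls `rc4($info, ENCRYPT_PASS)` with the same key for every record and no per-record nonce, so, assuming `rc4()` in rc4.php is plain RC4, every stored record is XORed with one keystream and two ciphertexts together expose the XOR of their plaintexts. Neither branch adds an integrity tag, which is why `load_xss_record()` in dio.php has to guess a wrong password from a character-class regex. I would drop the RC4 option, or at minimum mark it in place with `// RC4 branch: one keystream for all records, no integrity check; prefer ENCRYPT_TYPE "AES"`. The four-argument `encrypt()`/`decrypt()` pair in the preceding file's hunk carries the same branch. In `convertip()`, the bare `return;` after the two header `fread()` calls skips `fclose($fd)` and yields null where every other exit returns a string; `{ fclose($fd); return '系统错误'; }` would match the neighbouring error branches.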

请勿重复安装!

登录

' ); +} + +$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0; + +switch($step) { + case 0: // 显示说明 + display_header(); + +?> +
+

欢迎

+

欢迎使用本平台,安装开始前,请仔细阅读以下说明

+

手动安装方法:将config-sample.php改名为config.php,删除install.php即可。

+

警告:

+

本工具仅允许用于学习、研究场景,严禁用于任何非法用途!

+

人在做,天在看。善恶终有报,天道好轮回。不信抬头看,苍天饶过谁。

+

+
+ + +

配置

+

请按照下面提示配置xss平台,默认配置可直接下一步

+ + + +

安装成功

+

XSS平台安装成功,请点下方链接登录后台!

+ +

登录

+ + + + + + + + 安装 + + + + + +

错误

+

+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

特殊字符会被转义,慎用,下同

+
+ +

文件夹需要有写权限

+
+ +

文件夹需要有写权限

+
+ +

文件夹需要有写权限

+
+ /> +

对xss记录,js描述文件加密

+
+ +

加密数据的密码

+
+ + + + +
+ /> + +

详见README.md说明

+
+ +

纯真qqwry.dat位置

+
+ /> +

收到xss消息后邮件通知

+
+ +

SMTP服务器地址

+
+ +

详询服务提供商

+
+ +

默认无需修改

+
+ +

一般只是邮箱@之前的部分

+
+ +

发件邮箱的密码

+
+ +

不可伪造,否者无法发送

+
+ +

接收通知的邮件地址

+
+

+ +
+ \ No newline at end of file diff --git a/keepsession.php b/keepsession.php index 286d0c3..461360a 100644 --- a/keepsession.php +++ b/keepsession.php @@ -1,106 +1,102 @@ \ No newline at end of file +function getLocation($info) +{ + $location = ""; + + if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "") + $location = $info['decoded_get_data']['location']; + else if (isset($info['get_data']['location']) && $info['get_data']['location'] != "") + $location = $info['get_data']['location']; + else if (isset($info['decoded_post_data']['location']) && $info['decoded_post_data']['location'] != "") + $location = $info['decoded_post_data']['location']; + else if (isset($info['post_data']['location']) && $info['post_data']['location'] != "") + $location = $info['post_data']['location']; + else if (isset($info['decoded_cookie_data']['location']) && $info['decoded_cookie_data']['location'] != "") + $location = $info['decoded_cookie_data']['location']; + else if (isset($info['cookie_data']['location']) && $info['cookie_data']['location'] != "") + $location = $info['cookie_data']['location']; + else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "") + $location = $info['headers_data']['Referer']; + + return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES); +} \ No newline at end of file diff --git a/load.php b/load.php new file mode 100644 index 0000000..1c3274c --- /dev/null +++ b/load.php @@ -0,0 +1,8 @@ + @@ -123,10 +116,10 @@ function generate_password( $length = 32 ) { - '; - ?> + '; +?> @@ -138,7 +131,11 @@ function generate_password( $length = 32 ) {
- /> + />